Integer overflow in xpath.c, allows context-dependent attackers
to to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted XML file that triggers a heap-based
buffer overflow when adding a new namespace node, related to
handling of XPath expressions.